<?php
/**
* Update the user preferences
*
* @author       Fabrice Douteaud <admin@clearbudget.net>
* @package      framework
* @access       public
*/

/***********************************************************************

  Copyright (C) 2008  Fabrice Douteaud (admin@clearbudget.net)

    This file is part of ClearBudget.

    ClearBudget is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    ClearBudget is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with ClearBudget.  If not, see <http://www.gnu.org/licenses/>.


************************************************************************/
//prevent direct access
if(!defined('ENGINEON')) die('Direct access forbidden');
global $context;
// some flags
$missingMandatoryUserSettings = false;
$badUsername = false;
$badPassword = false;
$settingsSuccess = false;
$badCurrentPassword = false;

$userSettings = class_settings::getInstance();

// define the default values
is_null($context->username)?$username = $userSettings->getUsername():$username = $context->username;
is_null($context->newPassword)?$newPassword = null:$newPassword = $context->newPassword;
is_null($context->currentPassword)?$currentPassword = null:$currentPassword = $context->currentPassword;
is_null($context->secureAccess)?$secureAccess = $userSettings->secureAccess():$secureAccess = $context->secureAccess;
is_null($context->currency)?$currency = $userSettings->getCurrency():$currency = $context->currency;
is_null($context->language)?$language = $userSettings->getLanguage():$language = $context->language;

// if the user did not submit, we simply go to the view
if($context->submit == null) {
  return;
  }

// is site secure
$isSiteSecure = $userSettings->secureAccess();

// if site is secured already, we validate the password
if($isSiteSecure) {
  // get the current password (if any)
  $password_in_db = $userSettings->getPassword(true);
  if($password_in_db!=false) {
    if($password_in_db != md5($currentPassword)) {
      $badCurrentPassword = true;
      $currentPassword = null;
      return;
      }
    }
  else {
    $badCurrentPassword = true;
    return;
    }
  }

// if we have the request to secure the access to the site, we must have a valid password
if($context->secureAccess === '1') {
  $userSettings->secureAccess = '1';
  
  // check if username and password are valid
  if($username == null || $username == '' || strlen($username)<6) {
    $badUsername = true;
    return;
    }
  else $userSettings->username = $username;

  // if no password is given, we use the current one
  if($currentPassword!=null && ($newPassword == null || $newPassword == '')) {
    $newPassword = $currentPassword;
   }
  // else the given password must be 6 characters at least
  elseif(strlen($newPassword)<6) {
    $userSettings->secureAccess = $isSiteSecure;
    $badPassword = true;
    return;
    }
  else $userSettings->password = $newPassword;
  }
else {
  // if secure access is not requested, then we make sure that no password is in the DB anymore
  $userSettings->resetPassword();
  $userSettings->secureAccess = '0';
  }

$language = $context->language;
$currency = $context->currency;
// if everything is good, we update the user preferences
if($language!='NULL' && $currency!='NULL' && $language!='' && $currency!='') {
  $settingsSuccess = true;
  // update the user settings
  $userSettings->currency = $currency;
  $userSettings->language = $language;
  $userSettings->updateUserSettings(true);
  // update the cookie as the username or password may have changed
  class_userCookie::setUserCookie($userSettings->getUsername(), $userSettings->getPassword());
  }
else {
  $missingMandatoryUserSettings = true;
  }

// update the secure access flag from the DB
$secureAccess = $userSettings->secureAccess();
// switch to the new language if necessary
class_propertyKey::switchToLang($userSettings->getLanguage());
?>